Sgi Security Vulnerabilities
The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then...
6.9AI Score
0.001EPSS
Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP...
7AI Score
0.009EPSS
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft...
6.9AI Score
0.011EPSS
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or...
7.1AI Score
0.0004EPSS
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT...
7AI Score
0.007EPSS
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer...
7.7AI Score
0.048EPSS
gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s...
6.4AI Score
0.0004EPSS
gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting...
6.5AI Score
0.0004EPSS
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of...
7.8AI Score
0.108EPSS
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original...
6.7AI Score
0.07EPSS
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by...
6.7AI Score
0.021EPSS
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail...
8.3AI Score
0.028EPSS
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration...
7.1AI Score
0.011EPSS
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack...
6.3AI Score
0.01EPSS
ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid...
6.2AI Score
0.013EPSS
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD...
6.2AI Score
0.009EPSS
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP...
6.2AI Score
0.039EPSS
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer...
9.6AI Score
0.017EPSS
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by...
6.7AI Score
0.011EPSS
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper...
7.7AI Score
0.014EPSS
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain...
7.7AI Score
0.011EPSS
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell...
7.7AI Score
0.003EPSS
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard)...
5.9AI Score
0.052EPSS
inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping...
7.6AI Score
0.001EPSS
Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack...
6.9AI Score
0.004EPSS
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary...
6.8AI Score
0.006EPSS
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test...
7.2AI Score
0.003EPSS
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite...
6.2AI Score
0.036EPSS
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode...
7.9AI Score
0.145EPSS
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root...
6.4AI Score
0.001EPSS
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive...
6.2AI Score
0.001EPSS
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory...
8.8AI Score
0.0004EPSS
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and...
6.8AI Score
0.0004EPSS
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n...
7.3AI Score
0.0004EPSS
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC...
6.9AI Score
0.005EPSS
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than...
6AI Score
0.0004EPSS
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...
7.2AI Score
0.003EPSS
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail...
6.3AI Score
0.015EPSS
fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast...
6.7AI Score
0.0004EPSS
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS...
8AI Score
0.139EPSS
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service...
6.2AI Score
0.029EPSS
rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink...
6.9AI Score
0.0004EPSS
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP)...
6AI Score
0.013EPSS
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary...
7.1AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in...
6.2AI Score
0.023EPSS
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as...
9.8AI Score
0.261EPSS
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes...
6.5AI Score
0.007EPSS
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via...
7.5AI Score
0.005EPSS
cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed...
6.5AI Score
0.0004EPSS
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp...
6AI Score
0.0004EPSS